Malicious PyPI Packages Using Compiled Python Code to Bypass Detection
Researchers have discovered a novel attack on the Python Package Index (PyPI) repository that employs compiled Python code to sidestep detection by application security tools.
“It may be the first supply chain attack to take advantage of the fact that Python bytecode (PYC) files can be directly executed,” ReversingLabs analyst Karlo Zanki said in a report shared with The Hacker News.
The package
“It may be the first supply chain attack to take advantage of the fact that Python bytecode (PYC) files can be directly executed,” ReversingLabs analyst Karlo Zanki said in a report shared with The Hacker News.
The package
React to this headline: